Lucene search
K

4 matches found

Snyk
Snyk
added 2026/05/29 9:22 p.m.4 views

Untrusted Search Path

Overview ouroboros-ai is a Specification-first workflow engine for AI coding agents. Works with Claude Code and Codex CLI. Affected versions of this package are vulnerable to Untrusted Search Path in the process of loading environment variables from the local .env file in the project directory. A...

8.8CVSS6.2AI score0.00557EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/04 4:22 p.m.9 views

CVE-2026-42809

Apache Polaris can issue broad temporary "vended" storage credentials during staged table creation before the effective table location has been validated or durably reserved. Those temporary credentials are meant to limit the scope of accessible table data and metadata, but this scope limitation...

9.9CVSS5.8AI score0.00355EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/04 4:22 p.m.13 views

EUVD-2026-27033

Apache Polaris can issue broad temporary "vended" storage credentials during staged table creation before the effective table location has been validated or durably reserved. Those temporary credentials are meant to limit the scope of accessible table data and metadata, but this scope limitation...

9.9CVSS5.8AI score0.00355EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/02/18 12:55 a.m.18 views

OpenClaw: Command hijacking via unsafe PATH handling (bootstrapping + node-host PATH overrides)

Command hijacking via PATH handling Discovered: 2026-02-04 Reporter: @akhmittra Summary OpenClaw previously accepted untrusted PATH sources in limited situations. In affected versions, this could cause OpenClaw to resolve and execute an unintended binary "command hijacking" when running host...

8.8CVSS6AI score0.00465EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder